If your company or organization uses Microsoft Exchange for email, you’re going to want to run the latest update…
At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.
Eric Baumer, an assistant computer science professor at Lehigh University, has found in his research on Facebook “non-use” that people who cite concerns about data privacy in relation to corporations or the government as their main reason for quitting are likely to stay away from the site. Meanwhile, those who wanted privacy from people they know online are more likely to return. “Oftentimes questions about why people should delete their Facebook accounts are framed in terms of privacy,” Baumer said. “However, that single word glosses over a lot of complexity.”
If your nonprofit, church, or business website isn’t https:// with a reputable SSL certificate, Google’s Chrome browser update will start showing a warning message when visitors arrive. This will affect your site’s trustworthiness.
For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
So very true despite the stereotypes (spoken as a former college / high school / middle school teacher turned tech consultant). Parents have a big burden to bear in helping their young and old children make wise decisions about how and why to use the web. Just assuming “they’ll get it because they’re young” is very dangerous.
What is surprising about this data is that while education is a factor in online security literacy, age is less so. Users aged 65 and older were seemingly just as knowledgeable as users in the age range of 18-29; while online literacy bias in general is weighted toward younger users, the Pew survey suggests that overall there is a shared standard of what we know and what we don’t know.
Another reason I tend to prefer Android is the ability to control things on a granular level. Does every user of a mobile device need that? Certainly not. Is Apple “wrong” for this “feature” design? That’s debatable.
But it’s interesting to see how Android and iOS continue to develop along their own trajectories when it comes to designing software for the Lowest Common Denominator of users…
Users can still completely turn off Bluetooth and Wi-Fi by digging into the devices menu settings, but essentially the button does not do what a user can reasonably assume Apple says it does, and that’s because Apple doesn’t trust you. This decision is the next logical step for what has always been Apple’s design ethos: It thinks it knows what you want more than you do.
“On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking [terrorist Syed] Farook’s iPhone,” federal prosecutors said in a filing Monday afternoon. “Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone. If the method is viable, it should eliminate the need for the assistance from Apple Inc. (“Apple”) set forth in the All Writs Act Order in this case.”
No one likes to take the time to make passwords online. When you’re setting up your CBSSports account to fill in your March Madness brackets, you just want to get to work. No one’s going to hack you, so you just use the same password there as you do for your Bank of America account and GMail. Who cares, right? You’ve got nothing to hide.
And then you get “hacked” and it’s no fun.
Being a “techy” person, I get lots of questions about how to avoid being “hacked” (it’s fascinating to me how that word has changed its usage as geek and tech culture has become mainstream).
My response is normally:
1) Never use the same password twice. Ever. Use a service such as LastPass if you’re into that (I am).
2) For each of the online services you use, make unique and long passwords that include random characters and even nonsense strings that only you know (I know, I know… this isn’t completely foolproof but it helps prevent the script kiddie hacks). Try to avoid common terms such as “password,” “changeme,” or “123456.”
3) Never use the same password twice. Ever.
4) If you can, enable 2 Factor Authentication.
5) Never use the same password twice. Ever.
Step 1 is usually when the person loses interest in my advice. But you should really enable Two Factor Authentication (2FA) as soon as possible if you’re at all concerned about your online accounts or just want to have a good lock on your doors to keep honest people honest.
TwoFactorAuthor.org has a nice list of major services that we all use, with links to relevant instructions, such as Google Accounts, Dropbox, Twitter, Facebook, even Steam or Etsy etc.
There’s no reason for you not to do this today.
Two-factor authentication! In this age of endless massive hacks we seem to be in the middle of, it’s one of the easiest ways you can dramatically boost security on your online accounts.
But which sites actually support it? It can be a pain to keep track. Fortunately, a new, community-driven list keeps a running list of all the big sites that have some form of 2FA enabled (and encourages you to nag at those that don’t).